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CONTENT PROTECTION IN NON-VOLATILE STORAGE DEVICES 

Field 

The invention pertains generally to non-volatile memory 
5 devices. More particularly, the invention relates to 

protecting content store in non-volatile storage devices from 
unauthorized modifications and/or access. 

Background 

Non-volatile storage and/or memory devices are employed 

10 by many electronic devices to store persistent information. A 
complementary metal oxide semiconductor (CMOS) is one such 
non-volatile storage device. The CMOS may act as a non- 
volatile store of information. In one implementation, a CMOS 
storage device may be employed to store configuration, 

15 identity, and/or setup information about a system or device. 

For example, a CMOS device may be employed by a computer to 
store Basic Input/Output System (BIOS) information. 

However, information stored in non-volatile devices may 
be intentionally or unintentionally changed, corrupted, or 

20 deleted. That is, environmental conditions (static, shock, 

etc.), intermittent device failures, or authorized or 
unauthorized access by a user and/or application may cause the 
information stored in the non-volatile device to be altered or 
deleted. For example, in a typical computer system a CMOS 

25 storage device stores information pertinent to central 

processing unit (CPU) an chipset configurations, errata, FWH 
security, etc. Because typical non-volatile storage devices 
lack hardware level security support, the information stored 
therein may be accessed and/or modified by users or 

30 applications. This creates the risk that such changes may 

hinder or prevent the proper operation of systems which rely 
on such information. 
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BRIEF DESCRIPTION OF THE DRAWINGS 

Figure 1 is a diagram illustrating how inf ormation stored 
in various portions of a non-volatile storage device may be 
protected by different security measures. 

Figure 2 is a diagram illustrating various levels of 
security that may be employed to protect information stored in 
a non-volatile device. 

Figure 3 is a block diagram illustrating one method of 
implementing content protection in non-volatile storage 
devices according to one embodiment of the invention. 

Figure 4 is a block diagram illustrating a processing 
device embodying one implementation of the content protection 
invention. 

Figure 5 is a block diagram illustrating one method of 
implementing a mirroring security technique to safeguard 
information stored in non-volatile devices according to one 
embodiment of the invention. 
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DETAILED DESCRIPTION 

In the following detailed description of the invention, 
numerous specific details are set forth in order to provide a 
thorough understanding of the invention. However, the 
invention may be practiced without these specific details. In 
other instances well known methods, procedures, and/or 
components have not been described in detail so as not to 
unnecessarily obscure aspects of the invention. 

The invention provides a system, device, and method to 
protect information and/or content in a non-volatile storage 
device from unauthorized or unprivileged modifications and/or 
access . 

One aspect of the invention provides for protecting the 
content stored within a non-volatile device by implementing 
one or more content security or integrity measures. 

Referring to Figure 1, a non-volatile memory device may 
be physically and/or logically divided into one or more 
regions (Regions 1 through n) , each region of one or more 
contiguous bytes. In one implementation, each region may be 
defined as a specific number of contiguous bytes. In various 
embodiments each region may be protected by one or more 
security measures which inhibit or prevent the unauthorized 
deletion or modification of the content stored therein. For 
example, in Figure 1, Regions 1 and 3 are protected by a 
software scheme (such as encryption, checksum, mask bits, 
and/or cyclic redundancy check) while Region 2 is unprotected. 
In various embodiments each of the one or more regions of the 
non-volatile storage device may implement one or more forms of 
content protection or none at all. 

Figure 2 illustrates some of the security measures that 
may be employed by one embodiment of the invention. At a 
first level (Level 0) , the invention specifies how the non- 
volatile device is divided into regions for purposes of 
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implementing content protection in one or more regions. 
Levels 1-4 illustrate various content protection schemes (Mask 
Bits, Checksum, CRC, and Encryption) that may be implemented 
at each of the specified regions implement. Each region may 
5 be protected by one or more of the schemes (Levels 1-5) . 

In one embodiment, integrity metrics (such as checksum, 
CRC, and/or bit mask) may be obtained for the stored content 
sought to be protected. An integrity metric may be one or 
more values which are indicative of the validity of the 

10 content. 

According to one implementation mask bit protection is 
provided by requiring a particular bit or bits within one or 
more bytes of a specified storage region to be a certain 
values (either 1 or 0 for instance) . By checking the state or 

15 value of the masked bit (s) , it can be determined if the 

content of a region has been changed. That is, if a mask 
bit(s) is found to have been changed (the bit state/value is 
different than what it should be) then content is assumed to 
have been changed. 

20 Checksum protection may also be implemented, alone or in 

combination with other protection schemes. According to one 
checksum implementation, the sum of all bytes stored within a 
region is stored. Then the integrity of the stored content 
may later be checked by comparing the sum of the bytes to the 

25 previously stored value. In various implementations, only a 

portion of the byte sum is stored and compared. For instance, 
only the lower byte(s), or only the upper byte(s), of the sum 
may be stored for later comparison. 

As with checksums, cyclic redundancy check (CRC) may also 

30 be implemented to provide an indication of whether one or more 

bits or bytes stored in a region have changed since the CRC 
was last calculated. 

Yet another method of protecting content against 
unauthorized access and/or modification is the use of 

35 encryption. The content (bytes) stored in a particular region 
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may be encrypted to prevent unauthorized users or applications 
from reading this content . In one implementation, the content 
in each region may be encrypted with different encryption 
keys. Even if an application is capable of accessing a 
5 particular storage location, encryption prevents extraction of 

the information embodied therein. 

Although several content protection schemes have been 
illustrated above, the invention is not limited to these 
schemes (e.g. mask bits, checksum, CRC, or encryption) and 
10 other content protection schemes may be implemented without 

deviating from the invention. 

Another aspect of the invention provides for a way to 
make use of the content security and/or integrity measures 
described above within a system. 
15 Referring to Figure 3, an example illustrating the steps 

q of one implementation of the content protection method is 

W' shown. A non- volatile storage device is configured into one 

yf 

;n or more regions as described above 302. An integrity metric 

Ul (e.g. bit mask, checksum, cyclic redundancy check) is 

:K ; 20 calculated for valid data 304 and then stored 306. At a later 

B time, such as during a subsequent reboot for instance, the 

^ system checks the integrity of the content in the non-volatile 

^ storage device to determine if it has been modified without 

:'£| authorization 308. This may be accomplished in a number of 

!sB f 25 ways, including comparing the previously stored integrity 

metric to a newly calculated integrity metric for the current 
content in the storage device. If the current content is 
found to have been changed in an unauthorized manner, then the 
content of the region, or of the whole device, is replaced 
30 with a previously saved valid image of the content 310. If 
the current content is found to be modified in an authorized 
manner, then the integrity metric is updated to correspond to 
the current content 312. Additionally, an image of the 
modified but valid content is stored in another location for 
35 later reference 314. 
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In one implementation, a system which desires to protect 
one or more regions of content within a non- volatile device 
may store a mirror image of the one or more regions. The 
mirror image is an exact copy of the content in a particular 
region. This mirror image may be used at a later time to 
replace content which is determined to have been changed 
without authorization. In other embodiments, the stored image 
may also be used to compare it to the current content in the 
non- volatile device to determine if the current content has 
been changed since the image was stored. 

In one implementation, the mirror image is stored in a 
memory storage device or location which is 'locked' to prevent 
it from being modified by other users or applications. Such 
locking may be accomplished in numerous ways, including 
setting one or more bits or flags to indicate that such memory 
or storage location may not be used. 

Another aspect of the invention provides that whenever an 
authorized user or application changes the content stored in a 
non-volatile storage device a mirror image of the content is 
stored. That is, the previous image of the content is 
replaced by a new image of the content when modified by 
authorized means. 

Authorized means or interfaces for changing or modifying 
the content stored in a non-volatile device include software 
applications and/or embedded code specifically authorized by 
the system to change content within the non-volatile storage 
device. On the other hand, unauthorized means for changing 
the stored content includes directly accessing the non- 
volatile devices storage locations and changing the content 
without going through an authorized interface. 

According to one implementation, the invention may be 
practiced with a CMOS device containing the Basic Input Output 
System (BIOS) for a processing or computing device. 

Figure 4 illustrates one implementation of a processing 
device 402 configured to implement the content protection 
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scheme for non-volatile devices described above. The 
processing device includes a processor 404 communicatively 
coupled to a CMOS device 406, a non-volatile read-only memory 
(RAM) device 4 08, and a code storage device 410. 
5 Upon starting the processing device 402, the processor is 

configured to access the code storage device 410 and execute 
the code therein. The code in the code storage device 410 
instructs the processor to check whether the content (BIOS) 
found in one or more regions of the CMOS device 406 has been 
10 altered or modified. In one implementation, this may be 

accomplished by the processor comparing the mask bits, cyclic 
redundancy check, and/or checksum of the content in the CMOS 
regions to the previously stored corresponding values. In 
another implementation, the processor compares (e.g. byte-by- 
15 byte comparison) the content (BIOS) in each region to the 

previously stored mirror image of the content to determine if 
ic has been changed without authorization. 

If the content is found to have been changed without 
authorization, the processor 404 causes the changed region(s), 
20 or the changed content regions, to be replaced by the 
previously stored mirror image. 

According to one embodiment, the previously stored 
value (s) (e.g. checksums, CRC, etc.) and/or the previously 
stored mirror image of the content (e.g. BIOS) are stored in 
25 the non-volatile RAM device 408. In one implementation the 
code storage device may be a flash memory device. 

Figure 5 illustrates one method of content protection in 
a non-volatile device within a processing device or system 
such as a computer system. This method may be practiced in 
30 the computing device illustrated in Figure 4 for instance. 

The non-volatile storage device may be logically divided into 
regions, one or more of the regions implementing one or more 
of the security measures described above. 

Upon starting or restarting a system, the system reads a 
35 previously stored image (mirror image) of the content sought 

-7- 
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to be protected 502. In one embodiment , the mirror image is 
stored in a non-volatile RAM (NVR) device. In another 
embodiment, instead of reading the whole mirror image, the 
system may read one or more checksums, CRC, and/or mask bits 
for each region. 

The system then reads the non-volatile device storing the 
current version of the content 504. For example, in a 
computer system the CMOS storing the BIOS (the content sought 
to be protected) may be read. 

The system then determines if the content currently in 
the non-volatile device is valid 506. That is, it determines 
if there has been an unauthorized change of the content since 
the last time it was validated or checked. This may be 
accomplished in numerous ways. For example, a byte-by-byte 
comparison may be performed between the mirror image and 
current image of the content. In another embodiment, the 
current image of the content may be validated to determine if 
it satisfies the previously stored mask bits, checksum, and/or 
CRC. Any other method of validating the current data may be 
employed without departing from the invention. 

If the current content in the non-volatile storage (CMOS) 
device is found to be valid (there are no unauthorized 
changes) then a decision is made whether to save the image of 
the current content 508. A mirror image of the current 
content may be stored 510 for instance if the current content, 
although different from the previously stored valid content, 
is found to contain authorized changes. 

If the current content in the CMOS device is found to 
have been changed without authorization, then the previously 
saved image is restored 512. That is, the mirror image 
previously saved in the NVR is copied to the CMOS device. 

The system may then enable one or more of the security 
features described above 514. For example, the system may 
encrypt the content in one or more regions of the CMOS device, 
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perform checksum or CRC calculations, or implement or set a 
bit mask pattern. 

The system may then proceed with its normal startup 
procedure 516. For example, it may perform other boot-up 
tasks and then run an operating system (OS) or launch an 
extended firmware interface 518. 

Although in the examples above one or more aspects of the 
invention depict a CMOS device used for BIOS storage, the 
invention is not limited to such device or implementation and 
may be practiced with other non-volatile devices with other 
content . 

While certain exemplary embodiments have been described 
and shown in the accompanying drawings, it is to be understood 
that such embodiments are merely illustrative of and not 
restrictive on the broad invention, and that this invention 
not be limited to the specific constructions and arrangements 
shown and described, since various other modifications may 
occur to those ordinarily skilled in the art. Additionally, 
it is possible to implement the invention or some of its 
features in hardware, programmable devices, firmware, software 
or a combination thereof. The invention or parts of the 
invention may also be embodied in a processor readable storage 
medium or machine -readable medium such as a magnetic, optical, 
or semiconductor storage medium. 



